1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Issue with the ability to ping

Issue with the ability to ping

  • D

    Hello, I have a SG-3100 installed at a customer location and they need to be able to ping powerdmslocal.com and have it respond on 127.0.0.1 Somewhere it is getting blocked. I have tried port forwarding based on the ports that have been supplied but I haven't had any luck so I am reaching out here.

    0
  • Rico
    LAYER 8 Rebel Alliance

    Maybe it's me but I don't get what you are trying to do...

    -Rico

    0
  • D

    so they use a program that needs to access powerdmslocal.com but when I ping it from a machine not behind a firewall, it returns 127.0.0.1 however if they are behind the pfsense, it doesn't find the host.

    0
  • johnpoz
    LAYER 8 Global Moderator 

    ;; QUESTION SECTION:
;powerdmslocal.com.             IN      A

;; ANSWER SECTION:
powerdmslocal.com.      3599    IN      A       127.0.0.1

    On the public internet returns 127.0.0.1, if you ask pfsense for that, which pfsense is either resolving or forwarding to something it would be a rebind - and you would get no response.

    You can either create a host override in pfsense to return that for devices behind pfsense using pfsense as dns.

    Or you set it as a private domain, so pfsense will allow such a response.

    https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html

    Pick which one you want to do
    pickone.png

    0 D 1 Reply
  • D

    @johnpoz exactly what I needed... thank you so much!

    0
  • D

    ok, so I guess this wasn't exactly what I needed.. I need to add *.powerdmslocal.com but it won't allow me to add the * in front of the domain. Is there a way around this?

    Thanks so much for the help!

    0
  • johnpoz
    LAYER 8 Global Moderator

    you want a wildcard.. You can do that with redirect.

    But I take it you didn't set private domain, because private domain would return anything on the public internet be it rfc1918 or not.. And they already have wildcard set, so if you query whatever.powerdmslocal.com it comes back 127.0.0.1

    Just set it as private - my first example vs host override.

    But if you want to set it all local you can do it with a redirect

    server:
local-zone: "powerdmslocal.com" redirect
local-data: "powerdmslocal.com 3600 IN A 127.0.0.1"
    0
  • D

    so I am kind of a noob and only have done GUI stuff :-) can you point me in the right direction?

    0
  • johnpoz
    LAYER 8 Global Moderator

    In the resolver gui.. Go to the options box and put in the private-domain I showed above.

    private.png

    Or if you want it to all stay local and not actually send forwards or queries upstream.. Set it to redirect

    server:
local-zone: "powerdmslocal.com" redirect
local-data: "powerdmslocal.com 3600 IN A 127.0.0.1"

    The private-domain is the cleaner option in this case, since that resolves on the public that way

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy